The First Workshop on Language-Theoretic Security (LangSec) at the IEEE CS Security & Privacy Workshops solicits contributions related to the growing area of language-theoretic security. LangSec offers a coherent explanation for the "science of insecurity" as more than an ad hoc collection of software mistakes or design flaws. This explanation is predicated on the connection between fundamental computability principles and the continued existence of software flaws. LangSec posits that the only path to trustworthy software that takes untrusted inputs is treating all valid or expected inputs as a formal language and treating the respective input-handling routines as a recognizer for that language. The LangSec approach to system design is primarily concerned with achieving practical assurance: development that is rooted in fundamentally sound computability theory, but is expressed as efficient and practical systems components. One major objective of the workshop is to develop and share this viewpoint with attendees and the broader systems security community to help establish a foundation for research based on LangSec principles.
The overall goal of the workshop is to bring more clarity and focus to two complementary areas: (1) practical software assurance and (2) vulnerability analysis (identification, characterization, and exploit development). The LangSec community views these activities as related and highly structured engineering disciplines and seeks to provide a forum to explore and develop this relationship.